## https://sploitus.com/exploit?id=428A14A6-6ED6-5772-85BC-F4C16BCC4F9E
This Python script demonstrates exploitation of CVE-2023-25581, a vulnerability in pac4j-core. The vulnerability allows remote code execution (RCE) when the application deserializes maliciously crafted Base64-encoded data supplied by an attacker.
## Prerequisites

Before running the script, make sure you have the following installed:

- Python 3.x: Download Python
- requests library: Install it by running the command:

  ```bash
  pip install requests
  ```
## Usage

1. Clone the Repository:

   Clone this repository to your local machine:

   ```bash
   git clone https://github.com/p33d/CVE-2023-25581
   cd CVE-2023-25581
   ```

2. Run the Exploit Script:

   To run the script, use the following command in your terminal:

   ```bash
   python3 Poc-CVE-2023-25581.py
   ```

3. Input the Target URL:

   After running the script, you will be prompted to enter the target URL of the vulnerable application. For example:

   ```bash
   Enter the target URL (e.g., http://vulnerable-app.com/api/profile): http://vulnerable-app.com/api/profile
   ```

4. Payload Execution:

   If the target is vulnerable, the script will send a payload and attempt to exploit the system. If successful, you may achieve remote code execution (RCE). The script will print the following message if the exploit is successful:

   ```bash
   Payload sent successfully! Check your terminal for RCE.
   ```

   If the exploit fails or the target is not vulnerable, an error message will be displayed.
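On the detection side, the Base64-encoded serialized data described above can be recognised in request logs. The following is an added example, not code from this repository: it flags Base64 or Base64url tokens that decode to the Java serialization stream header (`AC ED 00 05`), assuming the payload is a standard Java serialization stream; the function names and sample log lines are constructed for illustration.

```python
import base64
import re
from urllib.parse import quote, unquote

JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"  # ObjectOutputStream header: magic + version
# Runs of Base64 or Base64url characters, with optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{8,}={0,2}")


def decodes_to_java_stream(token):
    """True if the token Base64-decodes to bytes that start with the Java stream header."""
    head = token.rstrip("=").replace("-", "+").replace("_", "/")[:8]
    try:
        # 8 characters decode to 6 bytes, enough to cover the 4-byte header.
        return base64.b64decode(head, validate=True).startswith(JAVA_STREAM_MAGIC)
    except ValueError:
        return False


def scan_lines(lines):
    """Return (line_number, token_prefix) for each line carrying a serialized Java object."""
    hits = []
    for number, line in enumerate(lines, start=1):
        text = unquote(unquote(line))  # tolerate single or double percent-encoding
        for token in B64_TOKEN.findall(text):
            if decodes_to_java_stream(token):
                hits.append((number, token[:12]))
                break  # one finding per line is enough for triage
    return hits


# Constructed sample data: a bare stream header plus a class-name stub, not a payload.
SAMPLE_BLOB = base64.b64encode(JAVA_STREAM_MAGIC + b"sr\x00\x11java.util.HashMap").decode()
SAMPLE_LINES = [
    'POST /api/profile {"name":"alice","avatar":"iVBORw0KGgoAAAANSUhEUgAA"}',
    'POST /api/profile {"name":"bob","nickname":"' + SAMPLE_BLOB + '"}',
    "GET /api/profile?nickname=" + quote(SAMPLE_BLOB, safe=""),
]

if __name__ == "__main__":
    for number, prefix in scan_lines(SAMPLE_LINES):
        print(f"line {number}: Base64 Java serialized object ({prefix}...)")
```

A hit only shows that a serialized Java object was submitted; whether the application deserializes it still has to be confirmed against the deployed pac4j-core version.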